Editor’s Note: The Wall Street Journal opinion poll goes to the core of the current cyber-regulatory policy debate. What do you think? Please provide your views and the reasoning behind them to the only forum dedicated to Regulatory Cybersecurity using the Submit Comment button below or by contacting the forum here. All comments are anonymous unless you choose to provide name and/or affiliation. No registration is required.

ABA’s Johnson Explains SEC Requirements

By Jeffrey Roman

When it comes to reporting cyber-attack activity to the Securities and Exchange Commission, U.S. banking institutions should avoid a boilerplate approach and be mindful of the details, says Doug Johnson, who oversees risk management policy for the American Bankers Association.

“The SEC back in October of 2011 clarified existing rules and guidance as it related to what an institution that’s publicly traded has to do, in terms of responsibility for reporting these types of events,” Johnson says during an interview with Information Security Media Group (transcript below).

Deals website LivingSocial’s disclosure last week that hackers cracked its network to steal sensitive personal information for more than 50 million accounts was the latest in a continuing series of such mea culpas.

Last summer the social networking site Formspring admitted that it lost 30 million registered users’ passwords to data thieves, just a few weeks after LinkedIn reported losing encrypted passwords for nearly 6.5 million of its users. Around the same time, Yahoo confirmed the theft of 450,000 Yahoo users’ e-mail addresses and passwords.

A Treasury Department official urged the U.S. financial-services industry to help the government identify cybersecurity threats to limit “technology’s potential for disruption and destruction.”

“We have had important recent reminders that our financial institutions and markets are vulnerable to malicious cyber-attacks and operational failures,” Cyrus Amir-Mokri, the Treasury’s assistant secretary for financial institutions, said in the text of a speech today at a Securities Industry and Financial Markets Association conference in Boca Raton, Florida.

It’s a unique private-public partnership, with the overall goal of more secure data for everyone. Eleven major tech firms have partnered with the National Cybersecurity Center of Excellence, which will bring vendors and users together with the hopes of standardizing fast, practical solutions to the growing problem of online data threats. The companies include Microsoft, Intel, Cisco and HP.

Protecting Internet information has become a costly enterprise, with worldwide spending on security estimated at US$60 billion in 2012. That figure will grow to $86 billion by 2016, according to a Gartner study.